upper waypoint
NPR

Hackers Steal Information From 31 Million Internet Archive Users

The digital library's website was defaced earlier this month with a message from hackers boasting the theft of users' sensitive records, including email addresses and encrypted passwords. Internet Archive, a San Francisco nonprofit, said it's working to bolster security.
Emma Bowman, NPR
A middle-aged white man with grey hair, wearing a blazer, speaks on a stage.
Internet Archive founder Brewster Kahle speaks onstage during Unfinished Live at The Shed on Sept. 22, 2022, in New York City. (Roy Rochlin/Getty Images)

A hack this month on the world’s largest archive of the internet — whose mission is to provide “universal access to all knowledge” — has compromised millions of users’ information and forced a temporary shutdown of its services.

The attack on the Internet Archive leaked identifying information from more than 31 million user accounts, including patron email addresses and encrypted passwords, according to the website Have I Been Pwnd, which tracks accounts that may be compromised in a data breach.

more on cybersecurity

The Internet Archive, a nonprofit based in San Francisco that operates on a shoestring budget, provides free access to its enormous digitized library of websites, current and past software applications and print materials. The organization said its vast cache of archival material “is safe” following the breach.

IA said that it took down the entire site temporarily to “access and improve our security.” By Friday, most of its services were back online, including its archive tool of websites, the Wayback Machine. The IA said it was working “around the clock” and through the weekend to restore the rest of its services securely.

“In coming days, more services will resume, some starting in read-only mode as full restoration will take more time,” read a blog entry from IA founder Brewster Kahle posted Friday.

News of the attack surfaced on Oct. 9, with visitors to archive.org sharing screenshots showing that the website’s JavaScript had been defaced with a message that the Internet Archive had been breached:

“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on [Have I Been Pwnd],” read the JavaScript alert that momentarily appeared on the site.

“We’re taking a cautious, deliberate approach to rebuild and strengthen our defenses. Our priority is ensuring the Internet Archive comes online stronger and more secure,” Kahle said in his blog post.

He noted other recent cyberattacks on libraries — the British Library, Seattle Public Library, Toronto Public Library and Calgary Public Library.

“We hope these attacks are not indicative of a trend,” he said.

In May, the Internet Archive saw its first attack since its founding in 1996, Kahle told The Washington Post, and intermittent outages have followed.

Since 2020, the Internet Archive has been dogged by lawsuits over its digitization of copyrighted books and music. Kahle told the Post the costly fines from the lawsuits could amount to a death blow for the archive.

The nonprofit has yet to share further updates on the breach of sensitive information. NPR has reached out to the Internet Archive for more details about the attack and how its patrons were affected.

lower waypoint
next waypoint
Player sponsored by